Remote Work and Protecting Personally Identifying Information (PII)

Personally Identifying Information (PII) must always be handled with care.  An important aspect of ensuring proper care is understanding how our changing work environment requires those who work with PII, or Information Owners, to maintain higher diligence in their responsibilities.

PII definition: Information that alone or in conjunction with other information identifies an individual, including an individual’s: Name, Social Security Number, date of birth, or government issued identification number.

See section 2.1.29 of the UNT System Information Security Handbook for larger list of possible PII information.

 

Remote work provides benefits to university employees. With those benefits comes additional risks and responsibilities for those protecting PII.  The following guidance will assist you in the process of reviewing your PII handling procedures while working remote.

 

Document Accountability

Documents with PII should have the ability to be accounted for and secured.  Misplaced or lost PII may result in a data compromise, privacy incident and investigation. Placing our university, its reputation, and our stakeholders at risk. Departments and individuals should communicate and plan on how PII will be addressed in a remote work situation and still maintain compliance with UNT System and local departmental policies (see links at bottom of page). Physical documents should never be removed from an approved secure campus location. 

 

Protecting PII

Remote work adds additional concerns on how to transfer and protect PII.  The following are guidelines to assist in making sound decisions:

Guidance Why
Access, store, and modify PII documents on an approved university location that is accessible by encrypted VPN when possible.

Ideally all documents that contain PII should be stored in a secure location digitally or physically.  For those that are digital the university provided VPN encrypts traffic to protect it.   Storing documents on a university storage location can allow for access, storage, and even modification of the document with limited risk.

Documents with PII should not be stored or copied to a non-university device.

This includes but is not limited to computers, tablets, phones, or thumb-drives

Personal owned devices are not authorized to store university documents with PII.  Storage of university information on a private device places the information at risk. University provided laptops uphold encryption and additional security protections that your personal devices will not have.

Do not email or forward emails with PII except through a university account and encrypted.  PII information should never be sent unencrypted. Only send from and to a university provided email address and add #SECURE to the subject line of the email. 
Do not print documents with PII from your personal printer Personal printers maintain internal storage and when these devices are disposed of, the information stored can still be vulnerable.
Secure your system by locking your screen when you walk away.

You never know who might be looking through windows or what website a family member might try to visit when you go for a cup of coffee. Systems used for university business should be secured with password protection and only accessible by authorized individuals.

 

Important university associated links:

UNT System Information Security Handbook

UNT Information Technology Policies

UNT Dallas Information Technology Policies (See Chapter 14)

UNT HSC Information Technology Policies

 

 

For questions related to PII or Information Security please reach out to your local department or contact us directly at: security@untsystem.edu